Kansas City Hospice Hit by BlackSuit Ransomware Attack
Incident Date:
October 19, 2024
Overview
Title
Kansas City Hospice Hit by BlackSuit Ransomware Attack
Victim
Kansas City Hospice
Attacker
Black Suit
Location
First Reported
October 19, 2024
Ransomware Attack on Kansas City Hospice by BlackSuit Group
Kansas City Hospice & Palliative Care, a nonprofit organization renowned for its compassionate end-of-life care, has fallen victim to a ransomware attack by the notorious BlackSuit group. This incident highlights the vulnerabilities faced by healthcare providers, particularly those in the hospice sector, which are often targeted due to the critical nature of their services and data.
About Kansas City Hospice
Established in 1980, Kansas City Hospice & Palliative Care is a prominent nonprofit organization dedicated to providing comprehensive hospice and palliative care services. With approximately 200 staff members, the organization offers a range of services, including in-home care, inpatient care, symptom management, and family support. Its commitment to holistic care, addressing physical, emotional, and spiritual needs, distinguishes it in the healthcare industry. The organization is deeply rooted in the Kansas City community, engaging in educational initiatives and training programs for healthcare professionals.
Attack Overview
The ransomware attack was revealed when BlackSuit listed Kansas City Hospice on its dark web leak site on October 19. Upon detecting unusual activity, the hospice quickly initiated an investigation with third-party forensic specialists. Although certain systems were disrupted, the organization managed to maintain operations and has since achieved full recovery. The full scope of the data accessed remains undisclosed, and Kansas City Hospice has not confirmed any ransom demands publicly.
About BlackSuit Ransomware Group
BlackSuit, a successor to the Royal ransomware family, is known for its sophisticated tactics, including data exfiltration and extortion. The group employs a double extortion model, threatening to publish stolen data if ransoms are not paid. BlackSuit typically gains initial access through phishing emails, disabling antivirus software, and exfiltrating data before deploying ransomware. Their ransom demands range from $1 million to $10 million, with payments usually requested in Bitcoin.
Potential Vulnerabilities
Healthcare organizations like Kansas City Hospice are particularly vulnerable to ransomware attacks due to the sensitive nature of their data and the critical services they provide. The reliance on digital systems for patient care and data management makes them attractive targets for threat actors like BlackSuit. The attack underscores the importance of effective cybersecurity measures to protect against such threats.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.